corbonium wrote: I completed this mission, but maybe by luck, if you count educated guesses as luck. So I have a question:

How do you know that directory traversal is the key? I could not find any evidence that anything is stored in different directories at all.

You don't really know that it is the key! Just like you wouldn't know if a web-site filters SQLi, or XSS... You test it out, and if it works, you know it is vulnerable to such attacks, and if it fails, you know it is not vulnerable to those attacks. The fact that the first page was overwritten by another index file tells you that the user was able to upload his index page and replace the actual index file on the site. With that information, you know that there should be a way to upload a new index file onto the site. The obvious attack choice is a directory traversal attack when you see there is an upload form.

The fact that the first page was overwritten by another index file tells you that the user was able to upload his index page and replace the actual index file on the site. With that information, you know that there should be a way to upload a new index file onto the site. The obvious attack choice is a directory traversal attack when you see there is an upload form.

The upload form was indeed the dead giveaway for me, but it did not cross my mind that I should be trying to duplicate the loophole the original hacker exploited. Thinking about it, it now becomes clear why both index pages are all on 1 line. It is not to make your life a pain in the ass, and it is not because the original author and the hacker like to write things all on 1 line. It is to do you a favor by giving you a realistic hint to the solution the hacker used. And I give back this knowledge as a hint to those who come after me.

I'm reading that people are stumped or it took them 5 days to complete this mission... I managed it in about 1 hour... does that mean I'm getting better at this?

by limdis on Fri May 10, 2013 9:54 pm ([msg=75544]see Re: Please ask questions ONLY in this topic.[/msg])

impulse_x wrote: I don't need to e-mail the poetry guy, right? That's just something to make the story interesting? If so, and I get the "Go On" page, that means I've solved it?

For our own security we only simulate these exploits. You aren't actually 'performing' anything. If you get prompted by the "Go On" icon then yes you have just executed the necessary action that in the specific scenario would complete the end goal.

"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."

by N3nvy on Tue May 28, 2013 10:31 am ([msg=75831]see Re: Please ask questions ONLY in this topic.[/msg])

I was all confused with the commands but they are not necessary; use the simple information and try and see what works and where you may be able to submit information. Don't skip over information, everything is there for a reason and is usually important to the mission.

If anyone's stuck at the same place I was, my hints to you are:
1. Don't mess with the URL bar; POST is not vulnerable the same way as GET.
2. After checking Wikipedia's page, try typing exactly what it has.
3. Only one of the boxes is vulnerable.